216.73.216.67

CVE-2024-7296

· Published 13/03/2025 06:15 · Modified 13/03/2025 06:15

Labels: CVE-2024-7296 2025-03-13CVE-2024-7296CWE-863[email protected]

Essential information

Published
13/03/2025 06:15
Modified
13/03/2025 06:15
Author
Creator
CVSS
2.7 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:16.5:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:17.7.7:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:17.8:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:17.8.5:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:17.9:*:*:*:*:*:*:*
gitlab / gitlab ee cpe:2.3:a:gitlab:gitlab_ee:17.9.2:*:*:*:*:*:*:*

References